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REAL PARTY IN INTEREST 



The real party In interest in this appeal is the following party: International Business Machines 
Corporation. 
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RELATED APPEALS AND INTERFERENCES 

With respect to other appeals or interferences that will directly affect, or be directly affected by, 
or have a bearing on the Board's decision in the pending appeal, there are no such appeals or 
interferences. 
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STATUS OF CLAIMS 

A. TOTAL NUMBER OF CLAIMS IN APPLICATION 

The claims in the application are; 1 -28 

B. STATUS OF ALL THE CLAIMS IN APPLICATION 

1 . Claims canceled: 4, 1 3> 1.4, 1 6, and 1 7 

2. Claims withdrawn from consideration but not canceled: None 

3. Claims pending: 1 -3, 5-1 2, 1 5, and 1 8-28 

4. Claims allowed: None 

5. Claims rejected: 1 -3, 5-1 2, 1 5, and 1 8-28 

C. CLAIMS ON APPEAL 

The claims on appeal are: 1-3,5-12, 15, and 18-28 
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STATUS OF AMENDMENTS 



No Amendments have been filed subsequent to the rejection. 
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SI IfUMARY OF CLAIMED SUBJECT MATTER 

A. CLAIM 1 - INDEPENDENT 

The subject matter of claim 1 is directed to a method for managing resources on a computer 
network. A configuration file is created for each user on the network. When a user logs onto a 
local client computer, the user identity is matched to the configuration file. Based on the 
configuration file, the user is allowed access to particular resources on the local client computer. Tn 
the UNIX Operating System, all resources must be attached at the local computer. What the 
method of claimed invention does is set up a configuration file for each user. The configuration file 
allows a user to attach quickly resources to which he is supposed to have access. Thus, the method 
of claim 1 allows users to access an individualized configuration of network resources from any 
client within the network, rather than limiting the configuration to one particular client. Support for 
claim 1 may be found on page 9, line 22 through page 1 0, line 30 and in Figure 4. 

B. CLAJM 1 8 - INDEPENDENT 

Claim 18 is directed to a computer program product in a computer readable medium for 
carrying out the method claimed in claim 1 . Support for claim 1 8 may be found in page 9, line 22 
through page 1 0, line 30 and in Figure 4. 

C CLAIM 27 - INDEPENDENT 

Claim 27 is directed to a system for managing resources on a computer network where the 
system is designed to carry out the method of claim ] . Support for claim 27 may be found on page 
9, line 22 through page 1 0, line 30 and in Figure 4. 
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The means for defining the contents for a configuration file may be found on page 10, lines 9 
through 1 2. The support for a means for receiving a login identification for user may be found in 
network 1 02 shown in Figure 1 and described on page 5, line 4 through page 6, line 2 1 . Hie means 
for matching the user identity with the user configuration file may be found in Figure 2 and 
specifically processors 202 and 204 in Figure 2, which are described on page 6, line 25 through 
page 7, line 5. The means for attaching network resources to a client computer based on the user 
identity and contents of the user configuration file maybe found in Figure 1, specifically network 
102, which is described on page 5, line 5 through page 6, line 2 1 . Support for the term '"wherein 
said computer network is configured to run on an operating system that includes an attachment of 
resources to a given computer to be formed on said given computer" may be found on page 1 7 lines 
24 through 30. 

C> CLAIM 28 - DEPENDENT 

Support for "means for receiving a log out command from the user" may be found in network 
102 shown in Figure 1 and described on page 5, line 4 through page 6, line 21. The means for 
matching the user identity with the user configuration file may be found in Figure 2 and specifically 
processors 202 and 204 in Figure 2, which are described on page 6, line 25 through page 7, line 5. 

Support for "means for unattaching the attached resources to a client computer based on the 
user identity and contents of the user configuration file" may be found in Figure 1, speci fically 
network 102, which is described on page 5, line 5 through page 6, line 21, Support for the term 
'Vhcrein said computer network is configured to run on an operating system that includes an 
attachment of resources to a given computer to be formed on said given computer" may be found 
on page 1 , lines 24 through 30. 
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A- GROUND OF REJECTION 1 (Claims 1-3, 5-9, 15, 18-23 and 27) 

Claims 1-3, 5-9, 15, 18-23, and 27 arc rejected under 35 U.S.C § 103(a) as being obvious over 
Pereira, System and Method for Controlling Access to Personal Computer Svstcm Resources . U.S. 
Patent 5 ? 809,230 (Sep. 1 5, 1 998) in view of Win ct al, Administrative Roles That Govern Access to 
Administrative Functions . U.S. Patent 6, ) 6 1 , 1 39 (Dec. 1 2, 2000). 

B. GROUND OF REJECTION 2 (Claims 1 (Ml, 24-25 and 28) 

Claims 10-11, 24-25 and 28 are rejected under 35 U.S.C § 103(a) as being obvious over Pereira 
and Winn in view of Hudson et al. System and Method for Accessing Enterprise Wide Resources 
bv Presenting to the Resource a Temporary Credential , U.S. Patent 6,055,637 (Apr. 25, 2000). 

C GROUND OF REJECTION 3 (Claims 12 and 26) 

Claims 1 2 and 26 are rejected under 35 U.S.C. § 1 03(a) as being obvious over Pereira and Win 
in view of Bauer ct al, Method for Controlling Resource Usage bv Network Identities . U.S. Patent 
5,819,047 (Oct. 6, 1998). 
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ARGUMENT 



A. GROUND OF REJECTION 1 (Claims 1-3, 5-9, 15, 18-23 and 27) 
A.l. Claims 1, 18 and 27 

A-l-1- THE PROPOSED COMBINATION DOES NOT RESULT IN THE CLAIMED 
INVENTIONS. 

The examiner rejects claims 1 ? 1 8 and 27 under the assertion that: 

7. As per claims 1 , 1 8 and 27, Pereira laugh L the invention 
substantially as claimed for managing resources in a computer network; 
comprising: 

receiving a login identification from a user on a given 
computer that uses a given operating system, wherein said given 
operating system requires that attachment of resources to said 
given computer be performed on said given computer (co). 1, lines 
47-54; col. 7, lines 10-37; col. 9, lines 34-col. 10, line 33); 

matching the user identity with said user configuration file 
(col, 1, lines 47-54; col. 7, lines 10-37; col. 9, line 34-col. 10, line 
33); and 

in response to said matching step, executing a resource 
attachment program on said given computer to attach network 
resources to said given computer based on the user identity and the 
contents of said user configuration (col. 1 , lines 47-54; col. 7, lines 
10-37; col. 9, line 34-col. 10, line 33). 

8. Pereira did not teach defining configuration file for each network 
user. Win taught a similar system comprising: 

defining the contents ofa configuration file for each 
network user (col. 1 2, lines 45-50; col. 1 5, lines 30-37). 

9. Tt would have been obvious to one having ordinary skill in the art 
at the time of the invention was made to combine the teachings of Pereira 
and Win because Win's system of defining configuration file for each 
network user would increase the functionality of Pereira' s system by 
providing resource access control for user accessing a computer over the 
network (col. 2, lines 35-49). 

Office Action of October 22 ? 2004, pages 3-4, paragraphs 7, 8 f and 9. 

The examiner has failed to state prima facie obviousness rejections because the proposed 
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combination does not result in the claimed inventions. Neither Pereira nor Win show defining the 

contents of a configuration file for each network user. In addition, the examiner has failed to state 

how either reference shows defining the contents of a configuration file for each network user. The 

examiner asserts that Win does teach defining the contents of a configuration file for each network 

user, citing Win as follows: 

Administration Application 1 14 is used by administrators to configure 
server components of the system, to set up user and resource records, 
assign roles to users and resources and manage changes to the system. The 
Administration Application provides these services by reading and writing 
information in Registry Server 108. 
Win, col. 12, lines 45-50. 

Preferably, the Administration Application 1 14 can display a User 
Tnfomiation data entry form that accepts information defining a user. An 
administrator may complete and submit the data entry form for each 
individual user to be defined. In response. Registry Server 1 08 stores 
information defining the user in the Registry Repository 1 1 0. Each user is 
defined by personal information, login and password information, and 
account information." 
Win, col. 15Jines30-37. 

For the reference to column 1 2, the cited text does not show creating a configuration file for 

each network user. Instead, the cited text merely shows that data on users, resources and roles in 

configuration information maybe stored in a registry repository. Storing configuration information 

in a registry repository does not create a configuration file for each user. Win shows a centralized 

database stored on a single server and not a configuration file for each user. Similarly, the text cited 

from column 1 5 states registry server 1 08 stores information defining a user in the registry 

repository. Each user is defined by personal information, but the information is contained in a 

single database. A configuration file is not created for each user. This fact is shown in column 12, 

lines 20*29, which provides as follows: 
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Registry Repository 1 10 is the primary data store for the system 2. II 
contains data on Users, Resources and Roles and configuration 
information required for the system 2 to function. Selected data, for 
example, passwords, are stored in Registry Repository 1 10 in encrypted 
form. The data about Users, Resources and Roles stored in Registry 
Repository 1 1 0 represents the structure of an enterprise or organization 
that has protected resources. Data in Registry Repository 1 1 0 is managed 
using Administration Application 1 14. 
Win, col. 12, lines 20-29 

Because neither reference shows defining the contents of a configuration file for each network 
user, and because the examiner has failed to provide any reason why defining the contents of a 
configuration file for each network user would be obvious or even desirable, the proposed 
combination does not result in the claimed inventions. Accordingly, the examiner has failed to state 
prima facie obviousness rejections. 

In addition, neither reference shows where the operating system described in cither Pereira or 

Win requires attachment of resources on a computer network to the given computer to be 

performed on the given computer as claimed in claim 1 . The examiner asserts that Pereira does ' 

show these claimed steps citing the following text: 

Thus, there is a need to segregate files for one user on a PC from the other 
users. One way to keep a user from accessing certain files is to keep the 
user from gaining access to the application program that modifies the 
content of the file. Programs which control access to application programs 
are known which require a user to enter a password before the operating 
system activates the program for the user. 
Pereira, col. 1, lines 47-54. 

The system initialization file probably continues by verifying that the user 
bringing up the system is authorized for use of the system. If the user is 
authorized, installation of the programs necessary for the operating system 
and the user interface continues. Control is then transferred to the user 
interface so the user may begin to select programs for execution and use. If 
the user is not authorized for system use, the system initialization program 
denies the user access. After a predetermined number of attempts to gain 
access have failed, the program aborts system initialization. 

Preferably, the resource control system and method of the present 
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invention are implemented by an access control program which is installed 
on the PC once a user is given access to the system. The program is 
typically provided on a diskette which is placed in the disk drive of a PC 
system. The diskette is provided with an installation program which 
creates a directory for the access control program on the user's hard disk 
drive. The files containing the program components are then copied into 
this directory. Part of the installation procedure is to insert commands into 
a system initialization file, such as the AUTOEXEC.BAT file, before the 
command which activates an operating system or Windows interface 
program. These commands activate the program components of the access 
control program before the operating system or Windows interface 
program is activated at system initialization. After the access control 
program is installed, the program requests the user to register as the 
Primary User and to identify a password. This password is used to identify 
the Primary User at subsequent logins. 
Pereira, col. 7, lines 10-37. 

By activating the ports tab 82, the ports program component generates a 
list of the communication and printer ports available on the system. An 
exemplary display is shown in FIG, 7. Those communication and printer 
ports which have au "X" in the window next to a port identifier, such as 
COM1, indicate that those communication and printer ports have been 
restricted from use for that user. In response to the definition of these ports 
as being restricted or not, the access control program generates a file 
identified by the user's identifier of ports to which the user is denied 
access. 

The restricted lists for the groups, programs, directories, and ports are 
placed in files which are associated with a user's identifier. These files are 
then used by the access control program to modify system files when a 
user signs on the system. Specifically, after system initialization has been 
performed by the BIOS, control is transferred to the access control 
program. This program prompts the user for a user name and 
corresponding password. If the password and user name are verified, the 
files containing the lists of restricted groups, programs, directories, and 
ports are read by the access control program. The access control program 
uses the group and program lists to delete references to those files from the 
system files. In the Windows 3.x environment this is done bypassing the 
lists to the dynamic data exchange (DDE) which causes the program 
manager to delete the specified resources from the Group and INI files. 
Thereafter, the only group folders and program icons which are displayed 
are those which were not deleted at user sign on. The access control 
program also monitors calls to the DDF. and program manager to prevent 
the restoration of deleted resources to the system files by a user. The 
directory and port lists arc used to generate tables for the program 
components of the access control program which control the I/O routines 
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that interface with the drives and ports of the PC system. These tables are 
maintained in memory with the program components and remain active 
regardless of whether the operating system or Windows interface program 
is executing since the DPMI is used to make the memory jn which the 
program components arc located accessible. When the program 
components trap a request for a directory or port, the I/O routine of the 
program component verifies lhal the requested directory or port is 
authorized for the user currently on the system. 

In the Windows 95 environment, the access control program modifies the 
registry file since this file is used to define the computer resources which a 
user can access and which the Windows 95 program accesses to generate 
displays of program icons and program groups. Because Windows 95 
performs its own user login procedure, the transfer from the login 
procedure to the access program is done differently. The login procedure 
in Windows 95 assigns the user a default user registry file if the user 
cannot enter a password that corresponds with a user's identifier or if the 
user aborts the login procedure. To prevent this default user from gaining 
control of the system, the access control program modifies the default user 
profile in the registry file so the default user is not authorized to use any 
system resources. If the user enters a corresponding password, however, 
the files identified by the user's identifier are used to define the resources 
in the registry file. Since Windows 95 uses this file to display program 
icons and program groups, the system only displays the ones which the 
Primary User identified for the user through the access control program. 
The access control program may use an application program interface 
(API) to modify the registry system file in accordance with the restricted 
list files generated by the access control program. 
Pereira, col. 9, line 34 through col. 10, line 33. 

The examiner misapprehends Pereira, Pcreira does not show that the given operating system 

requires that attachment of network resources to a given computer be performed on said given 

computer, as claimed. Pcreira only discusses a method for controlling access to a personal 

computer by adjusting the boot record in the computer. Pereira does not discuss networks at all. 

Thus, the cited text provides absolutely no indication that the operating system requires attachment 

of network resources in a computer network to be performed on that computer. Win fails to cure 

the lack of disclosure in Pereira. Therefore, the examiner has failed to state a prima facie 

obviousness rejection of claims 1,18, and 27, which all contain similar limitations. 
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, addition, the examinerhas failed to state prim a facie ob^-ess rejects because the 
cascofob— c^^ 

teaching, incentive, or suggestion supporting the combination. In re Napier, 55 F.3d 610, 613, 34 
U.S.. P .Q.2d 1732, 1784 (Fed. Cir. 1995); /» » 910 M 831, 834, 15 U.S.P.Q.2d 1566, 1568 
(Fed. Cir. 1 990). Regarding claims 1. 1 8 and 27, the examiner states that: 

9 It would have been obvious to one having ordinary skill hi the art 
!; the tirne of the invention was made to combine the teachings of Pereira 

W ^ at Wi"s system of deframg configuration file tor each 
ncSuser would increSe the functionality of^s^y 
providing resource access control for user accessing a computer over the 
network (col. 2, lines 35-49). 
Office Action of October 22, 2004, pages 3-4, paragraph 9. 

The examiner's logic depends on an incorrect evaluation of both Pen*, and Win. Therefore, 
the statement cannot serve as a motivation to combine the references. Because the examiner has 
not stated a proper motivation to combine the references, the examiner has fa,led to state prima 

facie obviousness rejections. 

Furthermore, one of ordinary skill in the art would recognize that the combination of Pereira 
and Win would be impracticable. Pereira is directed to a method of controlling access to a single 
computer's resources by controlling the computer's boot record. Win is directed to storing 
information that defines administration roles over a network. For Win and Pereira to be combined, 
each local computer would have to be re-booted every time a new user attempted to access the 
computer over a network. No one would be motivated to waste time, effort, and money by 
rebooting every local computer each time a new user logs in. Thus, one of ordinary skill would 
recognize that the examiner's statement makes no sense. Accordingly, the examiner has failed to 
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• Pnr this reason the examiner has again failed to state 

state prima facie obviousness rejections. For thts reason, me 

prima facie obviousness rejections. 

agnize or implement *e advantage. Vurtherrnore. the statement misses tne pota of to 
inve.uion^^foredocnotsc^asa.no^onata,,. B— *.«-*-'-«"» 
state aproper Ovation «> cr-rncthe references, theexarcinerbas Idtad to su« prima facie 

obviousness rejections of claims 1, 18, and 27, 

Moreover, because one of ordinary skill would recognize that the examiner's proposed 
coronation is impracticable and because the examiner's statement does not serve as a motivation, 
the examiner must have used Applicants' own disclosure when fashioning the rejections. Tims, the 
examiner has used impermissible hindsight to fashion the rejections. In determining obviousness, 
an applicant's teachings may not be read into the prior art. Panduil Corp. v. DenisonMfg. Co., 810 
R2d 1561, J 575 n. 29, 1 U.S.P-Q, 1 593, 1 602 n. 29 (Fed. Cir. 1987) (citing need to "guard gainst 
hindsight and the temptation to read the inventor's teachings into the prior art"). A determination of 
the desirability of combining prior art references must be made without the benefit of hindsight 
afforded by an applicant's disclosure. In re Paulsen, 30 F.3d 1475, 1482,31 U.S.P.Q. 1671, 1676 
(Fed. Cir. 1 994). Accordingly, the examiner has again failed to state prima facie obviousness 
rejections. 

A.1.2 Claims 1, 18, and 27 Are Non-Obvious in View of the References 

In addition, claims 1, 1 8 and 27 are non-obvious in view of the references. Pereira is a security 
system that affects the basic levels of an individual computer's operating system. Win provides 
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centralized netwo* security. If the methods of Pcreira were incorporated into the methods of Win, 
then the useridentity and privileges tor each user at each computer would have to be sctatboot-up 
for each individual computer. Thus, if users were to be changed at each computer, then each 
computer would have to be rebooted. If implemented over a network, one would have to reboot a 
local computer every time a new user is to gain access to a client computer. No one of ordinary 
skill would implement this system because it is slow, cumbersome, and wasteful of resources, time, 
and money. Thus, no one would be motivated to combine the references. Accordingly, the claims 
are non-obvious. 

In addition, Pereira and Win are both relatively old references in the art of computer programs 
computers. The primary reference of Pereira issued in 1 998 and Win issued in 2000. Pereira i s 
about seven years old and Win is about five years old. In the art of managing resources on UNTX 
based systems, in view of the extremely rapid pace envelopment in the computer arts generally, 
seven years and five years represents a very long time. If it had been obvious to combine the 
references in the manner suggested by the examiner, then one ofordinary skill would have already 
done so, given the advantages that the claimed inventions have over the prior art. Therefore, claims 
1, 18 and 27 are non-obvious over Pereira in view of Win. 

A.J .3 Claims 1,18, and 27 are Patentable over Pereira in View of Win 

In summary, the examiner has failed to state prima facie obviousness rejections of claims 1,18 
and 27 because the proposed combination does not result in the claimed inventions, because the 
examiner has failed to state a proper motivation to combine the references, and because the 
examiner used impermissible hindsight to fashion the rejections. In addition, claims 1,18 and 27 
are non-obvious in view of the references because the proposed combination would be slow and 
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would have already done so. 



A-2 Claims 2 and 15 

Regarding claims 2 and 1.5, the examiner asserts that: 

] o As per claims 2 and 15, Pereira and Win taught the invention 
Lankly as claimed in claims 1 and 1 8 above. Win further ^taught 
wherein the contents of the configuration file arc defined by a network 
administrator (col. 1 2, lines 45-50). 
Office Action of October 22, 2004, page 4, paragraph 10. 

Claims 2 and 1 5 depend from claims 1 and 1 3, respectively, and therefore should bo allowable 
for the same reasons given above. In addition, neither Pereira nor Win show a configuration tile, as 
discussed above, so neither Pereira nor Win can show an administrator defining the contents of the 
configuration file. 

The examiner asserts that Win does show the claim feature, citing the following text: 

Administration Application 1 14 is used by administrators to configure 
server components of the system, to set up user and resource records, 
assign roles to users and resources and manage changes to the system. I he 
Administration Application provides these services by reading and wnting 
information in Registry Server 108. 
Win, col. 12, lines 45-50. 

The examiner misapprehends Win. The cited text discusses configuring server components of a 
system, setting up user and resource records, assigning roles to users and resources, and managing 
changes to the system. However, the cited text does not discuss storing a configuration file on a 
network server, as claimed. Pereira fails to cure the lack of disclosure in Win. Thus, the proposed 
combination does not result in the claimed inventions. Accordingly, the examiner has failed to state 
prima facie obviousness rejections of claims 2 and 15. 
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A.3 Claim 3 

Regarding claim 3, the examiner asserts that: 

11 As per claim 3, Pereira and Win taughtthe invention substantially 

u claimed 1 above. Win ^^^^ST 
Hie is stored on a network server (col. 1 2, lines 2-6, col. 16, Unes 43 54, 

col- 23, lines 20-23). 
Office Action of October 22, 2004, page 4, paragraph 11. 

Claim 3 depends from claim 1 , and therefore is patentable over Pereira in view of Win » 

discussed above, m addition, the examiner misapprehends Win. The cited text is as follows: 

Authentication Server Module 606 provides access to the Registry 
Repository 1 10, which stores User, Resource, and Role information. 
Access Control Library 610 also provides access to the Registry 
Repository. 
Win, col. 12, lines 2-6. 

For example, consider a user who is defined in the Registry Repository as 
having a Record Type of User, a Record Name of Harvey, and a Role of 
Hotline Staff. A field in the Admin Role record specifics whether that user 
is assigned the "configuration privilege". This privilege allows an 
administrator to configure and maintain servers in the systenrFor 
example, the Registry Repository contains a record having a Record I ype 
of Admin Role, a Record Name of Hotline Staff, a Configuration Privilege 
of No, and an Administration Privilege of HelpDesk Admin. Another field 
in the Admin Role record specifics the set of administrative functions that 
may be performed. 
Win, col. 12, lines 43-54. 

In the preferred embodiment, Administration Application 1 14 can generate 
reports that list information stored in Registry Repository 1 10. For 
example, Administration Application 114 generates a Roles By Resource 
report that lists roles that are supported by specified resources. 
Win, col. 23, lines 20-23. 

As the cited text shows, Win does not teach wherein the configuration file is stored on a 
network server because Win does not teach creating a configuration file in the first place. 
Therefore, the examiner has failed to state a prima facie obviousness rejection of claim 3. 
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A.4 Claims 5 and 19 

Regarding claims 5 and 19, the examiner states that: 

i -> As ner claims 5 and 19, Pereira and Win taught the invention 
Lar^lly * Sled in claims 1 and 18 above. Pereira further taugh 
wSlid Source attachment program is stored on the chent computer 
(col. 7, lines 19-22). 
Office Action of October 22, 2004, page 4, paragraph 1 2. 

ClaimsSand 19 depend on claims 1 and 1 8, and therefore are patentable over Pereira in view of 
Win. in addition, the examiner has again failed to state prima facie obviousness rejections because 
Pereira does not show a resource attachment program as claimed. 

The examiner does assert that Pereira shows the claim feature, citing the following text: 

Preferably, the resource control system and method of the present 
invention^ implemented by an access control program winch ,s installed 
on the PC once a user is given access to the system. 
Pereira, col. 7, lines 19-22. 

The cited text merely refers to an access control program installed on an individual computer 
for securing resources. The access control program secures resources on the individual computer 
by controlling the computer's boot record, as described above. The cited text toes not in any way 
show the features of claims 5 and 1 9. Win fails to cure the lack of disclosure in Win. Thus, the 
proposed combination does not result in the claimed inventions. Accordingly, the examiner has 
foiled to state prima facie obviousness rejections of claims 5 and 19. 



A.5 Claims 6 and 20 

Regarding claims 6 and 20, the examiner asserts that: 

13. As per claims 6 and 20, Pereira and Win taught the invention 
substantially as claimed in claims 1 and 1 8 above. Win further taught 
wherein the resource attachment program is stored on a network server 
(fig. 7; col. 12, lines 5 1-53). 
Office Action of October 22, 2004, page 4, paragraph 13. 
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Claims 6 and 20 depend from claims 1 and 18, respectively, and therefore are patentable over 
Pereira in view of Win. In addition, Win does not teach that the resource attachment program is 
stored on a network server, as claimed. 

The examiner does assert that Win shows the claim feature: 

FIG. 7 is a block diagram of apreferred embodiment of Administration 
Application 1 14 incorporated in an administrator workstation 700. 
Win, col- I2 ? lines 51-53 

Figure 7 is as follows: 




The cited text and Figure 7 do not show a resource attachment program stored on a network 
server as claimed. Although Figure 7 does show a registry server, nowhere does it indicate the 
claimed feature. Pereira fails to cure the lack of disclosure in Win. Thus, the proposed 
combination does not result in the claimed inventions. Accordingly, the examiner has failed to state 
prima facie obviousness rejections of claims 6 and 20. 

In addition, Win docs not teach a resource attachment program. Therefore, Win cannot show a 
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Claims 6 and 20 depend from claims 1 and 18, respectively, and therefore are patentable over 
Pereira in view of Win. In addition, Win does not teach that the resource attachment program is 
stored on a network server, as clairoed- 

Tfoe examiner does assert that Win shows the claim feature: 

FIG. 7 is a block diagram of a preferred embodiment of Administration 
Application 114 incorporated in an administrator workstation 700. 
Win, col. 12, lines 51-53 

Figure 7 is as follows: 




The cited text and Figure 7 do not show a resource attachment program stored on a network 
server as claimed. Although Figure 7 does show a registry server, nowhere does it indicate the 
claimed feature. Pereira fails to cure the lack of disclosure in Win. Thus, the proposed 
combination does not result in the claimed inventions. Accordingly, the examiner has failed to state 
prima facie obviousness rejections of claims 6 and 20. 

In addition, Win docs not teach a resource attachment program. Therefore, Win cannot show a 
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resource attachment program attached to a network server, as claimed in claims 6 and 20. Pereira 
fails to cure the lack of disclosure in Win. Thus, again, the proposed combination does not result in 
the claimed inventions. Accordingly, the examiner has failed to state prima facie obviousness 
rejections of claims 6 and 20. 



A.6 Claims 7 and 21 

Regarding claims 7 and 21 f the examiner asserts that: 

14. As per claims 7 and 21, Pereira and Win taught the invention 
substantially as claimed in claims 1 and 1 8 above. Win further taught 
wherein the step of attaching resources to a client further comprises 
creating a record of all successfully attached resources (col. 13, lines 16- 
19; col. 23, lines 25-32), 
Office Action of October 22, 2004, page 4, paragraph 1 4. 

Claims 7 and 21 depend from claims I and 18. Thus, claims 7 and 21 arc patentable over 
Pcrcira in view of Win for the sairie reasons given above. 

In addition, the examiner's statement is incorrect. Win teaches that lists of roles and resources 

are associated with each other and are stored in a centralized database. However, Win does not 

discuss attaching resources lo a client and does not discuss creating a record of all successfully 

attached resources. The examiner asserts otherwise* citing from Win as follows: 

Reports may list resources accessible to particular users, roles and users 
that can access particular resources or users and resources that have been 
assigned particular roles. 
Win, col. 13, lines 16-19. 

Administration Application 1 14 generates a Users By Resource report that 
lists users having access to specific resources, and the users' roles. 
Administration Application 1 14 generates a Resources By Role report that 
lists resources assigned to specific roles. Administration Application 1 14 
generates a Users By Role report that lists users assigned to specific roles 
Win, col. 23 Jines 25-32. 

As can be plainly seen from the cited text Win docs not show creating a record of all 
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successfully attached resources. Win does disclose listing resources accessible to particular users 
and resource that have been assigned particular roles. Win also discloses a report that lists user's 
having access to specific resources and a report that lists resources assigned to specific roles. 
However, Win does not disclose creating a record of all successfully attached resources. Pereira 
fails to cure the lack of disclosure in Win. Thus, the proposed combination does not result in the 
claimed inventions. Accordingly, the examiner has failed to state prima facie obviousness 
rejections of claims 7 and 21. 



A.7 Claims 8 and 22 

Regarding claims 8 and 22, the examiner states that: 

15. As per claims 8 and 22 ? Pereira and Win taught the invention 
substantially as claimed in claims 7 and 21 above. Win further taught 
wherein the record is stored on the client (col. 13, lines 20-21; col. 23, 
lines 47-51). 

Office Action of October 22 ? 2004, page 5, paragraph 1 5. 

Claims 7 and 21 depend from claims 1 and 1 8. Thus, claims 7 and 21 are patentable over 
Pereira in view of Win for the same reasons given above. 

in addition, the examiner's statement is incorrect. Win does not show "wherein the record is 

stored on the client," as claimed. The examiner asserts otherwise, citing Win as follows; 

A short report is returned as an HTML page to be displayed by browser 
100. 

Win, col. 13, lines 20-21. 

In response, Administration Application 1 14 generates the selected report. 
Reports that do not exceed the capacity of browser 100 are displayed as 
HTML pages at the browser. Longer reports are generated in the form of a 
text file that can be downloaded. 
Win, col. 23, lines 47-51. 

The cited text mentions generating selected reports and downloading longer reports in the form 
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of a text file. However, none of the reports mentioned in Win are that of successfully attached 
resources, Pereira fails to cure the lack of disclosure in Win. Thus, the proposed combination does 
not result in the claimed inventions. Accordingly, the examiner has failed to state prima facie 
obviousness rejections of claims 8 and 22. 



A.8 Claims 9 and 23 

Regarding claims 9 and 23, the examiner states that: 

1 6. As per claims 9 and 23, Pereira and Win taught the invention 
substantially as claimed in claims 7 and 21 above. Win Further taught 
wherein the record is stored on a network server (cot. 1.3, lines 21-23). 
Office Action of October 22, 2004, page 5, paragraph 1 6. 

Claims 9 and 23 depend from claims 1 and 18 respectively. Thus, claims 9 and 23 are 

patentable over Pereira in view of Win for the same reasons given above. 

In addition, the examiner's statement is incorrect. The cited text provides as follows: 

Longer reports are processed in the background and saved in a tab- 
delimited file. The URL of the report file is sent to the administrator by 
electronic mail. 
Win, col. 13 ? lines 21-23. 

The cited text plainly does not disclose storing the claimed record on a network server as 

claimed. Although Win does mention "reports," none of the reports discussed in Win describe 

whether a resource has been successfully attached. Pereira fails to cure the lack of disclosure in 

Win. Thus, the proposed combination does not result in the claimed inventions. Accordingly, the 

examiner has failed to state prima facie obviousness rejections of claims 9 and 23. 



B. GROUND OF REJECTION 2 (Claims 1 0, 11, 24, 25, and 28) 

The examiner has rejected claims 1 0, I K 24, 25, and 28 as being obvious over Pereira i. 
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of Win in view of Hudson ct al, System and Method for Accessing Enterprise Wide Resources bv 
Presenting to the Resource Temporary Credential . U.S. Patent 6,055,637 (Apr. 25, 2000). 

The examiner has failed to establish prima facie obviousness rejections of these claims because 
the proposed combination does not result in claimed inventions. As discussed above, the 
combination of Pereira and Win do not teach all the elements of claims I, 18, and 27, from which 
claims 10, 1 1, 24, 25, and 28 depend Moreover, Hudson fails to cure the lack of disclosure in 
Pereira and Win with respect to claims 1,18, and 27. Therefore, the examiner has also failed to 
establish prima facie obviousness rejections for dependent claims 10, 1 1, 24, 25, and 28. 



B.I Claims 10, 24, and 28 

Regarding claims 10, 24, and 28, the examiner states that: 

19. As per claims 1 0, 24 and 28, Pereira and Win taught the invention 
substantially as claimed in claims 1 ? 18 and 27 above. Pereira and Win did 
not teach unattaching the resources when the user log out. Hudson taught 
comprising: 

receiving a log out command from the user and unattaching the 
attached resources (col. 1, lines 67-coI. 2, lines 2; coL 5, lines 54- 
col. 6, lines 4). 



20. It would have been obvious to one having ordinary skill in the art 
at the time of the invention was made to combine the teachings of Pereira, 
Win and Hudson because Hudson's teaching of unattaching the resources 
would increase the efficiency of Pereira' s and Win's systems by allowing 
the unattached resources to be allocating to another user. 
Office Action of October 22, 2004, page 5-6, paragraphs 1 9-20. 

The examiner misapprehends Hudson. Hudson does not teach the attachment of resources a 
asserted by the examiner. Instead, Hudson only prevents access to resources. The cited text 
provides as follows: 



The temporary credential token is communicated to the resource to allow 
access by the user, and deleted as the user logs off the resource. 
Hudson, col. 1 , lines 67 through col. 2. lines 2. 



Appeal Brief Page 24 of 35 
Pratt ui a f. -09/72<s266 



PAGE 26/31 1 RCVD AT 2/16/2005 4:54:34 PM [Eastern Standard Time] * SVR:USPT0-EFXRF-1/5 * DNIS:8729306 * CSID:9723857766 * DURATION (mm-ss):08-20 



02/16/20B5 15:52 9723857766 



YEE & ASSOCIATES 



PAGE 



When user 90 logs off from application program 94 at the end of the 
session, application program 94 terminates the session, and security 
package 96 deletes the temporary user crcdentiaJ token and also terminates 
the temporary access permission, as shown in bJocks 1.32-1 36. User 90 
then logs off the network in block 138, and platform 92 then deletes the 
temporary user credential token and terminates the session in block 140. 
Hudson, col. 5, lines 64 through col.6, lines 4. 

The cited text plainly shows that Hudson does not actually detach resources. Hudson only 

prevents access to them. The user credential token allows a user to gain access to a resource, much 

like a password may be used to gain access to certain resources. Hie resources in Hudson remain 

attached to the relevant computer. Hudson does not show actually detaching the resources as 

claimed. Therefore, the proposed combination does not result in the claimed inventions. 

Accordingly, the examiner has failed to state prima facie obviousness rejections of claims 10, 24, 

and 28. 

In addition, the examiner's statement regarding why it would have been obvious to combine the 
references makes no sense because, as discussed above, Hudson docs not teach what the examiner 
says Hudson teaches. Because the statement makes no sense, the statement cannot serve as a 
motivation to combine the references. As the examiner has not provided a proper motivation to 
combine the references, the examiner again has failed to state prima facie obviousness rejections of 
claims 10 s 24, and 28. 

In addition, Hudson is directed to a substantially different technology than cither the claimed 
inventions or the other cited references. Hudson is directed towards using a temporary token to 
control access to computer system resources. Pereira is directed to controlling access to an 
individual computer's resources by controlling the boot record. Win is directed to defining 
administrative roles over a network. The three references are very different from each other. Thus, 
no reason exists why one of ordinary skill would want to combine Pereira and the other references 
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when the references are viewed as a whole. Moreover, the claimed inventions deal with attaching 
network resources to a local computer using an attachment program, which has nothing to do with 
any of the cited references. Accordingly, no one of ordinary skill would attempt to combine the 
references to achieve the claimed inventions. Therefore, the claims 1 0, 24, and 28 are non-obvious. 

Furthermore, the proposed combination is inoperative. It is not possible to combine Hudson's 
method of using tokens to control access to computer system resources and Pereira's method of 
controlling an individual computer's boot record. The two methods arc mutually exclusive. 
Because the proposed combination is inoperative, claims 10, 24, and 28 are non-obvious. 

B.2 Claims 11 and 25 

Regarding claims 1 1 and 25, the examiner states that: 

21. As per claims 1 1 and 25, Pereira and Win taught the invention 
substantially as claimed in claims 7 and 21 above. Pereira and Win did 
not teach deleting the record of attached resources when a user log out. 
Hudson taught comprising: 

receiving a log out command from the user and deleting the record 
of attached resources (col. 5, lines 64-col. 6, lines 4). 

22. It would have been obvious to one having ordinary skill in the art 
at the time of the invention was made to combine the teaching of Pereira, 
Win and Hudson because Hudson's teaching of deleting the record of 
attached resources would increase the security of Pereira's and Win's 
systems by preventing another user from accessing the record of attached 
resources. 

Office Action orOctobcr 22, 2004, page 6, paragraphs 21-22. 

Claims 1 1 and 25 depend on claims 1 and 18, respectively. Hudson fails to cure the lack of 
disclosure m Win and Pereira regarding claims I and 1 8. Thus, the proposed combination docs not 
result in the claimed inventions. Accordingly, the examiner has failed to state prima facie 
obviousness rejections of claims 11 and 25. 

In addition, Hudson does not teach receiving a logout command and deleting the record of 
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attached resources as claimed. The examiner asserts otherwise, citing the following text: 

When user 90 logs off from appl ication program 94 at the end of the 
session, application program 94 terminates the session, and security 
package 96 deletes the temporary user credential token arid also terminates 
the temporary access permission, as shown in blocks 1 32-1 36. User 90 
then logs off the network in block 138, and platform 92 then deletes the 
temporary user credential token and terminates the seSsSion in block 140. 
Hudson, col. 5, line 64 through col. 6, line 4. 

The cited text discusses deleting a temporary user token, which is akin to deleting a user 

password when logging out of a system. However, the cited text plainly docs not discuss deleting a 

record of attached resources as claimed. Pereira and Win fail to cure the lack of disclosure in 

Hudson. Thus, the proposed combination does not result in the claimed inventions. Accordingly, 

the examiner has failed to state pri ma facie obviousness rejections of claims 1 1 and 25. 

C GROUND OF REJECTION 2 (Claims 12 and 26) 

The examiner has rejected claims 1 2 and 26 as obvious over Pereira in view of Win in view of 
Bauer ct ai, Method for Controlling R esource Usage bv Network Identities . U.S. Patent 5,8 1 9,047 
(Oct. 6, 1 998), The examiner has failed to establish prima facie obviousness rejections of these 
claims because the proposed combination does not result in claimed inventions. As discussed 
above., the combination of Pereira and Win do not teach all the elements of claims 1 and 1 8, from 
which claims 12 and 26 depend. Moreover, Bauer fails to cure the lack of disclosure in Pereira and 
Win with respect to claims I and 1 8. Therefore, the examiner has also failed to establish prima 
facie obviousness rejections for dependent claims 12 and 26. Accordingly, the examiner has failed 
to state prima facie obviousness rejections of these claims. 
In addition, the examiner slates thai: 

25. As per claims 1 2 and 26, Pereira and Win taught the invention 
substantially as claimed in claims 1 and 18 above. Pereira and Win did 
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not teach the client computer uses the IJNTX operating system. Bauer 
taught wherein the client computer uses the UNIX operating system {col. 
1, lines 31-40; col. 3, lines 31-48). 

26. Tt would have been obvious to one having ordinary skill in the art 
at the lime of the invention was made to combine the teachings of Percira, 
Win and Bauer because Bauer's teaching of using the UNIX operating 
system would enhance Pereira's and Win's systems by increasing the field 
of use in their systems. 
Office Action of October 22, 2004, page 7, paragraphs 25-26. 

The examiner has failed to state prima facie obviousness rejections because the proposed 

combination does not result in the claimed inventions. Bauer shows a method of allocating a quota 

for maximum resource usage over a network, including networks that have computers that use the 

UNTX operating system. However, Bauer does not show associating resources locally in the first 

place. Resources must still be located and attached locally on each individual computer. Bauer 

does not contradict this fact, and indeed, seems to acknowledge this fact as shown by the following 

text cited by the examiner: 

As a result, a user's typical Jog on session would require the user to enter 
his/her user identifier^) and password(s) several times to gain access to a 
number of di fferent resources. Each resource is required to independently 
authenticate the user's identifier and password before entry is granted. If 
the user logs off a resource but later desires access to the same resource 
again during the same session, he/she must reenter the user identifier and 
password to regain entry. 
Bauer, col. 1 , lines 3 1-40. 

The cited text discusses controlling access to resources on a UNIX local computer. The cited 
text docs not discuss associating resources based on a configuration file as claimed. Thus, one of 
ordinary skill would assume that the UNIX operating system would require that require that 
resources be assigned locally at each individual computer before they can be accessed using Bauer's 
method- Accordingly, Bauer does not teach a system as shown in Pereira or Win where the client 
computer uses the UNIX operating system, as asserted by the examiner. 
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Nevertheless, the examiner cites the following text from Bauer to support the examiner': 
assertion: 

Each subject is preferably identified by a unique identifier, which is used 
as a key for accessing subject information. Subject information may 
include validation information, authorization information, and general 
information. Validation information is used to verify the identity of a 
subiect and 
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